0

I have Hash class as follows:

class Hash
{
    public static function make($string, $salt='')
    {
        echo $string.$salt;
        return hash('sha256',$string.$salt);
    }

    public static function salt($length)
    {
        return mcrypt_create_iv($length);
    }

    public static function unique()
    {
        return self::make(uniqid());
    }
}

I am calling method salt() with command: $salt=Hash::salt(32)

Unfortunatelly, function mcrypt_create_iv is not working on newer php.

How to redesign Hash class?

Thank you

SomeDutchGuy
  • 2,249
  • 4
  • 16
  • 42
Sinisa Janjetovic
  • 3
  • 3
  • Does this answer your question? [Secure hash and salt for PHP passwords](https://stackoverflow.com/questions/401656/secure-hash-and-salt-for-php-passwords) – Tobias F. Nov 22 '19 at 12:29
  • A part of. I am beginner and I don't know if I should use hash salt metod or password_hash is enough? – Sinisa Janjetovic Nov 22 '19 at 12:35
  • 5
    For hashing passwords `password_hash` is the __best choice__. Do not invent the wheel. – u_mulder Nov 22 '19 at 12:36
  • Ok for hashing, but what about salt? Do I need it at all? – Sinisa Janjetovic Nov 22 '19 at 12:42
  • PHPs builtin password_* functions handle the salt themselves, you don't have to worry about anything apart from calling `password_hash($password)` ans store that as the hashed password in your database. – Tobias F. Nov 22 '19 at 12:44

2 Answers2

1

As PHP.net says:

Warning This function was DEPRECATED in PHP 7.1.0, and REMOVED in PHP 7.2.0.

Alternatives to this function include:

random_bytes()

So the alternative you are possibly looking for is random_bytes($len). It can be used the same way as the original deprecated function.

René Beneš
  • 448
  • 1
  • 13
  • 29
0

Warning This function was DEPRECATED in PHP 7.1.0, and REMOVED in PHP 7.2.0.

Alternatives to this function include:

random_bytes()


<?php
$bytes = random_bytes(5);
var_dump(bin2hex($bytes));
?>
Kankatala Krishna
  • 84
  • 3